/*
 * HSM Proxy Project.
 * Copyright (C) 2013 FedICT.
 * Copyright (C) 2013 Frank Cornelis.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License version
 * 3.0 as published by the Free Software Foundation.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, see 
 * http://www.gnu.org/licenses/.
 */

package be.fedict.hsm.model.admin;

import java.util.List;

import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;

import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jboss.ejb3.annotation.SecurityDomain;

import be.fedict.hsm.entity.ApplicationEntity;
import be.fedict.hsm.entity.ApplicationKeyEntity;
import be.fedict.hsm.entity.ApplicationKeyId;
import be.fedict.hsm.entity.CredentialEntity;
import be.fedict.hsm.entity.KeyStoreEntity;
import be.fedict.hsm.model.exception.ExistingApplicationException;
import be.fedict.hsm.model.exception.ExistingApplicationKeyException;
import be.fedict.hsm.model.exception.ExistingCredentialException;
import be.fedict.hsm.model.security.AdministratorRoles;
import be.fedict.hsm.model.security.AdministratorSecurityDomain;
import be.fedict.hsm.model.security.JBossSecurityManagerBean;

@Stateless
@SecurityDomain(AdministratorSecurityDomain.NAME)
@RolesAllowed(AdministratorRoles.ADMINISTRATOR)
public class ApplicationManagerBean {

	private static final Log LOG = LogFactory
			.getLog(ApplicationManagerBean.class);

	@PersistenceContext
	private EntityManager entityManager;

	@EJB
	private JBossSecurityManagerBean jbossSecurityManagerBean;

	public List<ApplicationEntity> getApplications() {
		return ApplicationEntity.getApplications(this.entityManager);
	}

	public void addApplication(String applicationName)
			throws ExistingApplicationException {
		if (ApplicationEntity.hasApplication(this.entityManager,
				applicationName)) {
			throw new ExistingApplicationException();
		}
		ApplicationEntity applicationEntity = new ApplicationEntity(
				applicationName);
		this.entityManager.persist(applicationEntity);
	}

	public void removeApplication(ApplicationEntity application) {
		ApplicationEntity applicationEntity = this.entityManager.find(
				ApplicationEntity.class, application.getId());
		List<ApplicationKeyEntity> applicationKeyEntities = ApplicationKeyEntity
				.getApplicationKeys(this.entityManager, applicationEntity);
		for (ApplicationKeyEntity applicationKeyEntity : applicationKeyEntities) {
			this.entityManager.remove(applicationKeyEntity);
		}
		List<CredentialEntity> credentialEntities = CredentialEntity
				.getCredentials(this.entityManager, applicationEntity);
		for (CredentialEntity credentialEntity : credentialEntities) {
			this.entityManager.remove(credentialEntity);
			this.jbossSecurityManagerBean
					.flushApplicationCache(credentialEntity.getHash());
		}
		this.entityManager.remove(applicationEntity);
	}

	public List<ApplicationKeyEntity> getKeys(ApplicationEntity application) {
		return ApplicationKeyEntity.getApplicationKeys(this.entityManager,
				application);
	}

	public void addApplicationKey(String keyName, ApplicationEntity application)
			throws ExistingApplicationKeyException {
		ApplicationKeyId applicationKeyId = new ApplicationKeyId(
				application.getId(), keyName);
		ApplicationKeyEntity applicationKeyEntity = this.entityManager.find(
				ApplicationKeyEntity.class, applicationKeyId);
		if (null != applicationKeyEntity) {
			throw new ExistingApplicationKeyException();
		}
		ApplicationEntity applicationEntity = this.entityManager.find(
				ApplicationEntity.class, application.getId());
		applicationKeyEntity = new ApplicationKeyEntity(applicationEntity,
				keyName);
		this.entityManager.persist(applicationKeyEntity);
	}

	public void removeApplicationKey(ApplicationKeyEntity applicationKey) {
		ApplicationKeyEntity applicationKeyEntity = this.entityManager.find(
				ApplicationKeyEntity.class, applicationKey.getId());
		this.entityManager.remove(applicationKeyEntity);
	}

	public void updateApplicationKey(ApplicationKeyEntity applicationKey,
			String keyStoreId, String keyStoreKeyAlias) {
		ApplicationKeyEntity applicationKeyEntity = this.entityManager.find(
				ApplicationKeyEntity.class, applicationKey.getId());
		if (null == keyStoreId || keyStoreId.isEmpty()) {
			applicationKeyEntity.setKeyStore(null);
			applicationKeyEntity.setKeyStoreKeyAlias(null);
		} else {
			KeyStoreEntity keyStoreEntity = this.entityManager.find(
					KeyStoreEntity.class, Long.parseLong(keyStoreId));
			applicationKeyEntity.setKeyStore(keyStoreEntity);
			applicationKeyEntity.setKeyStoreKeyAlias(keyStoreKeyAlias);
		}
	}

	public List<CredentialEntity> getCredentials(ApplicationEntity application) {
		ApplicationEntity applicationEntity = this.entityManager.find(
				ApplicationEntity.class, application.getId());
		return CredentialEntity.getCredentials(this.entityManager,
				applicationEntity);
	}

	public void addApplicationCredential(ApplicationEntity application,
			byte[] credential) throws ExistingCredentialException {
		LOG.debug("addApplicationCredential");
		ApplicationEntity applicationEntity = this.entityManager.find(
				ApplicationEntity.class, application.getId());
		String hash = DigestUtils.sha1Hex(credential);
		CredentialEntity existingCredentialEntity = this.entityManager.find(
				CredentialEntity.class, hash);
		if (null != existingCredentialEntity) {
			throw new ExistingCredentialException();
		}
		CredentialEntity credentialEntity = new CredentialEntity(hash,
				credential, applicationEntity);
		this.entityManager.persist(credentialEntity);
	}

	public void removeCredential(CredentialEntity credential) {
		LOG.debug("removeCredential: " + credential.getHash());
		CredentialEntity credentialEntity = this.entityManager.find(
				CredentialEntity.class, credential.getHash());
		this.entityManager.remove(credentialEntity);
		/*
		 * Next really has to be on credential.hash, not on app.id
		 */
		this.jbossSecurityManagerBean.flushApplicationCache(credential
				.getHash());
	}
}
